[MAJOR] use the new auth framework for http stats
Support the new syntax (http-request allow/deny/auth) in
http stats.
Now it is possible to use the same syntax is the same like in
the frontend/backend http-request access control:
acl src_nagios src 192.168.66.66
acl stats_auth_ok http_auth(L1)
stats http-request allow if src_nagios
stats http-request allow if stats_auth_ok
stats http-request auth realm LB
The old syntax is still supported, but now it is emulated
via private acls and an aditional userlist.
diff --git a/include/common/uri_auth.h b/include/common/uri_auth.h
index b4c297c..e669880 100644
--- a/include/common/uri_auth.h
+++ b/include/common/uri_auth.h
@@ -17,13 +17,6 @@
#include <types/auth.h>
-/* here we find a very basic list of base64-encoded 'user:passwd' strings */
-struct user_auth {
- struct user_auth *next; /* next entry, NULL if none */
- int user_len; /* user:passwd length */
- char *user_pwd; /* auth as base64("user":"passwd") (see RFC2617) */
-};
-
/* This is a list of proxies we are allowed to see. Later, it should go in the
* user list, but before this we need to support de/re-authentication.
*/
@@ -46,9 +39,9 @@
char *node, *desc; /* node name & description reported in this stats */
int refresh; /* refresh interval for the browser (in seconds) */
int flags; /* some flags describing the statistics page */
- struct user_auth *users; /* linked list of valid user:passwd couples */
struct stat_scope *scope; /* linked list of authorized proxies */
- struct list req_acl; /* */
+ struct userlist *userlist; /* private userlist to emulate legacy "stats auth user:password" */
+ struct list req_acl; /* http stats ACL: allow/deny/auth */
struct uri_auth *next; /* Used at deinit() to build a list of unique elements */
};
diff --git a/include/proto/proto_http.h b/include/proto/proto_http.h
index 68a771e..8213e3b 100644
--- a/include/proto/proto_http.h
+++ b/include/proto/proto_http.h
@@ -81,7 +81,7 @@
void manage_client_side_cookies(struct session *t, struct buffer *req);
void manage_server_side_cookies(struct session *t, struct buffer *rtr);
void check_response_for_cacheability(struct session *t, struct buffer *rtr);
-int stats_check_uri_auth(struct session *t, struct proxy *backend);
+int stats_check_uri(struct session *s, struct proxy *backend);
void init_proto_http();
int http_find_header2(const char *name, int len,
char *sol, struct hdr_idx *idx,
diff --git a/include/types/proto_http.h b/include/types/proto_http.h
index 18fbc26..f5410fa 100644
--- a/include/types/proto_http.h
+++ b/include/types/proto_http.h
@@ -315,7 +315,6 @@
char *srv_cookie; /* cookie presented by the server, in capture mode */
char *sessid; /* the appsession id, if found in the request or in the response */
- struct chunk auth_hdr; /* points to 'Authorization:' header */
struct http_auth_data auth; /* HTTP auth data */
};